Merge branch 'master' into ecs-wip

* master:
  Fix: NAGIOS TIMEPERIOD unknown (from/to) field matching (#275)
  Fix: match Information/INFORMATION in LOGLEVEL (#274)
  Fix: Java stack trace's JAVAFILE to better match generated names (#272)

Author: kares

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 4.2.0
+  - Fix: Java stack trace's JAVAFILE to better match generated names
+  - Fix: match Information/INFORMATION in LOGLEVEL [#274](https://github.com/logstash-plugins/logstash-patterns-core/pull/274)
+  - Fix: NAGIOS TIMEPERIOD unknown (from/to) field matching [#275](https://github.com/logstash-plugins/logstash-patterns-core/pull/275) 
+
 ## 4.1.2
   - Fix some documentation issues
 

logstash-patterns-core.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-patterns-core'
-  s.version         = '4.1.2'
+  s.version         = '4.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Patterns to be used in logstash"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

patterns/ecs-v1/grok-patterns

@@ -92,4 +92,4 @@ QS %{QUOTEDSTRING}
 SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
 
 # Log Levels
-LOGLEVEL ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)
+LOGLEVEL ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo?(?:rmation)?|INFO?(?:RMATION)?|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

patterns/ecs-v1/java

@@ -1,6 +1,6 @@
 JAVACLASS (?:[a-zA-Z$_][a-zA-Z$_0-9]*\.)*[a-zA-Z$_][a-zA-Z$_0-9]*
 #Space is an allowed character to match special cases like 'Native Method' or 'Unknown Source'
-JAVAFILE (?:[A-Za-z0-9_. -]+)
+JAVAFILE (?:[a-zA-Z$_0-9. -]+)
 #Allow special <init>, <clinit> methods
 JAVAMETHOD (?:(<(?:cl)?init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)
 #Line number is optional in special cases 'Native method' or 'Unknown source'

patterns/ecs-v1/nagios

@@ -89,7 +89,7 @@ NAGIOS_PASSIVE_HOST_CHECK %{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:
 NAGIOS_SERVICE_EVENT_HANDLER %{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
 NAGIOS_HOST_EVENT_HANDLER %{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
 
-NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}
+NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{NUMBER:nagios_unknown1};%{NUMBER:nagios_unknown2}
 
 ####################
 #### External checks

spec/patterns/core_spec.rb

@@ -63,6 +63,19 @@
   end
 end
 
+describe 'LOGLEVEL' do
+  it 'matches info label' do
+    expect(grok_match(subject, 'INFO')).to pass
+    expect(grok_match(subject, 'info')).to pass
+  end
+
+  it 'matches information label' do
+    expect(grok_match(subject, 'information')).to pass
+    expect(grok_match(subject, 'Information')).to pass
+    expect(grok_match(subject, 'INFORMATION')).to pass
+  end
+end
+
 describe "IPORHOST" do
 
   let(:pattern)    { "IPORHOST" }

spec/patterns/java_spec.rb

@@ -16,3 +16,30 @@
     end
   end
 end
+
+describe "JAVASTACKTRACEPART" do
+  let(:pattern) { 'JAVASTACKTRACEPART' }
+  let(:message) { '  at com.sample.stacktrace.StackTraceExample.aMethod(StackTraceExample.java:42)' }
+  it "matches" do
+    grok = grok_match(pattern, message, true)
+    expect(grok).to include({
+                                "message"=>"  at com.sample.stacktrace.StackTraceExample.aMethod(StackTraceExample.java:42)",
+                                "method"=>"aMethod",
+                                "class"=>"com.sample.stacktrace.StackTraceExample",
+                                "file"=>"StackTraceExample.java",
+                                "line"=>"42"
+                            })
+  end
+
+  context 'generated file' do
+    let(:message) { '  at org.jruby.RubyMethod$INVOKER$i$call.call(RubyMethod$INVOKER$i$call.gen)' }
+    it "matches" do
+      grok = grok_match(pattern, message, true)
+      expect(grok).to include({
+                                  "method"=>"call",
+                                  "class"=>"org.jruby.RubyMethod$INVOKER$i$call",
+                                  "file"=>"RubyMethod$INVOKER$i$call.gen",
+                              })
+    end
+  end
+end

spec/patterns/nagios_spec.rb

@@ -82,7 +82,7 @@
 
 describe "NAGIOSLOGLINE - TIMEPERIOD TRANSITION" do
 
-  let(:value)   { "[1427925600] TIMEPERIOD TRANSITION: 24X7;1;1" }
+  let(:value)   { "[1427925600] TIMEPERIOD TRANSITION: 24X7;-1;1" }
   let(:grok)    { grok_match(subject, value) }
 
   it "a pattern pass the grok expression" do
@@ -105,6 +105,10 @@
     expect(grok).to include("nagios_service" => "24X7")
   end
 
+  it "generates the period from/to fields" do
+    expect(grok).to include("nagios_unknown1" => "-1", "nagios_unknown2" => "1")
+  end
+
   # Regression test for but fixed in Nagios patterns #30
   it "doesn't end in a semi-colon" do
     expect(grok['message']).to_not end_with(";")